sdm845-common: init.qcom.usb: Fix dac_override SELinux denials in charger mode

The following SELinux denials are seen when booting into charger mode:

type=1400 audit(1746.159:22): avc: denied { dac_read_search } for
 comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.159:23): avc: denied { dac_override } for
 comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:24): avc: denied { dac_read_search } for
 comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:25): avc: denied { dac_override } for
 comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0
 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0

The DAC errors indicate that there is some kind of access, usually
by root, to a file or directory where the ownership is given to another
user/group which is not root. So since root may not have explicit
permission to access, it has to override the default access control,
which is flagged by SELinux.

In charger mode, like in normal boot, the init.qcom.usb.sh script
executes in the same process as init, so it is executing as root.
The script is trying to read/write to the ConfigFS string entries.
The fix for these denials is to ensure that any files/directories
being accessed by the script give root permission to access the same.
Hence remove the shell/shell ownership change when creating the USB
gadget and config subdirectories in ConfigFS.

While at it also remove mounting of ADB FFS and the ConfigFS function
instance as we are not enabling ADB in charger mode.

Change-Id: I33d6a9ce8e1bb4594a053156d46688ab11c5491d
Jack Pham 2020-04-17 00:27:04 -07:00 committed by Bruno Martins
parent a7b0f740fb
commit d3edfa00f0

@ -26,24 +26,18 @@
#
on charger
mkdir /dev/usb-ffs 0770 shell shell
mkdir /dev/usb-ffs/adb 0770 shell shell
mount configfs none /config
mkdir /config/usb_gadget/g1 0770 shell shell
mkdir /config/usb_gadget/g1 0770
mkdir /config/usb_gadget/g1/strings/0x409 0770
write /config/usb_gadget/g1/bcdUSB 0x0200
write /config/usb_gadget/g1/os_desc/use 1
write /config/usb_gadget/g1/strings/0x409/serialnumber ${ro.serialno}
write /config/usb_gadget/g1/strings/0x409/manufacturer ${ro.product.manufacturer}
write /config/usb_gadget/g1/strings/0x409/product ${ro.product.model}
mkdir /config/usb_gadget/g1/functions/mass_storage.0
mkdir /config/usb_gadget/g1/functions/ffs.adb
mkdir /config/usb_gadget/g1/configs/b.1 0770 shell shell
mkdir /config/usb_gadget/g1/configs/b.1/strings/0x409 0770 shell shell
mkdir /config/usb_gadget/g1/configs/b.1 0770
mkdir /config/usb_gadget/g1/configs/b.1/strings/0x409 0770
write /config/usb_gadget/g1/configs/b.1/MaxPower 900
write /config/usb_gadget/g1/os_desc/b_vendor_code 0x1
symlink /config/usb_gadget/g1/configs/b.1 /config/usb_gadget/g1/os_desc/b.1
mount functionfs adb /dev/usb-ffs/adb uid=2000,gid=2000
exec u:r:vendor_qti_init_shell:s0 -- /vendor/bin/init.qcom.usb.sh
setprop sys.usb.config mass_storage
setprop sys.usb.configfs 1
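
Review bot: the three mkdir lines that drop `shell shell` (`/config/usb_gadget/g1`, `/config/usb_gadget/g1/configs/b.1` and `/config/usb_gadget/g1/configs/b.1/strings/0x409`) carry no comment explaining why the owner is omitted. With no owner given, init's mkdir leaves the directory owned by root:root, which is what removes the need for dac_override and dac_read_search, so a short comment above these lines saying the gadget directories must stay root-owned in charger mode would keep a later change from re-adding `shell shell` and bringing the denials back. It is also worth confirming that init.qcom.usb.sh does not touch `functions/ffs.adb` or `/dev/usb-ffs/adb` on the charger path now that those mkdir and mount lines are gone, since `sys.usb.config` is set to mass_storage only.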